package io.helidon.microprofile.security;

import io.helidon.common.context.Context;
import io.helidon.common.context.Contexts;
import io.helidon.common.uri.UriQuery;
import io.helidon.security.EndpointConfig;
import io.helidon.security.OutboundSecurityClientBuilder;
import io.helidon.security.OutboundSecurityResponse;
import io.helidon.security.Security;
import io.helidon.security.SecurityContext;
import io.helidon.security.SecurityEnvironment;
import io.helidon.security.SecurityResponse;
import io.helidon.security.integration.common.OutboundTracing;
import io.helidon.security.integration.common.SecurityTracing;
import jakarta.annotation.Priority;
import jakarta.ws.rs.ConstrainedTo;
import jakarta.ws.rs.RuntimeType;
import jakarta.ws.rs.client.ClientRequestContext;
import jakarta.ws.rs.client.ClientRequestFilter;
import jakarta.ws.rs.core.MultivaluedMap;
import java.lang.System;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicLong;

@Priority(1000)
@ConstrainedTo(RuntimeType.CLIENT)
/* loaded from: input_file:io/helidon/microprofile/security/ClientSecurityFilter.class */
public class ClientSecurityFilter implements ClientRequestFilter {
    private static final System.Logger LOGGER = System.getLogger(ClientSecurityFilter.class.getName());
    private static final AtomicLong CONTEXT_COUNTER = new AtomicLong();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.helidon.microprofile.security.ClientSecurityFilter$1, reason: invalid class name */
    /* loaded from: input_file:io/helidon/microprofile/security/ClientSecurityFilter$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$helidon$security$SecurityResponse$SecurityStatus = new int[SecurityResponse.SecurityStatus.values().length];

        static {
            try {
                $SwitchMap$io$helidon$security$SecurityResponse$SecurityStatus[SecurityResponse.SecurityStatus.FAILURE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$helidon$security$SecurityResponse$SecurityStatus[SecurityResponse.SecurityStatus.FAILURE_FINISH.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    public void filter(ClientRequestContext clientRequestContext) {
        try {
            doFilter(clientRequestContext);
        } catch (Throwable th) {
            LOGGER.log(System.Logger.Level.WARNING, "Failed to process client filter.", th);
            throw th;
        }
    }

    private void doFilter(ClientRequestContext clientRequestContext) {
        Optional<SecurityContext> findContext = findContext(clientRequestContext);
        if (findContext.isPresent()) {
            outboundSecurity(clientRequestContext, findContext.get());
            return;
        }
        LOGGER.log(System.Logger.Level.TRACE, "Security context not available, using empty one. You can define it using property \"{0} on request", new Object[]{ClientSecurity.PROPERTY_CONTEXT});
        Context context = (Context) Contexts.context().orElseGet(() -> {
            return Context.builder().id("security-" + CONTEXT_COUNTER.incrementAndGet()).build();
        });
        Optional map = context.get(Security.class).map(security -> {
            return security.createContext(context.id());
        });
        if (map.isPresent()) {
            Contexts.runInContext(context, () -> {
                outboundSecurity(clientRequestContext, (SecurityContext) map.get());
            });
        } else {
            LOGGER.log(System.Logger.Level.TRACE, "Security is not available in global or current context, cannot propagate identity.");
        }
    }

    private void outboundSecurity(ClientRequestContext clientRequestContext, SecurityContext securityContext) {
        OutboundTracing outboundTracing = SecurityTracing.get().outboundTracing();
        Optional property = property(clientRequestContext, String.class, ClientSecurity.PROPERTY_PROVIDER);
        try {
            SecurityEnvironment.Builder clearQueryParams = securityContext.env().derive().clearHeaders().clearQueryParams();
            clearQueryParams.method(clientRequestContext.getMethod()).path(clientRequestContext.getUri().getPath()).targetUri(clientRequestContext.getUri()).headers(clientRequestContext.getStringHeaders()).queryParams(UriQuery.create(clientRequestContext.getUri()));
            EndpointConfig.Builder derive = securityContext.endpointConfig().derive();
            for (String str : clientRequestContext.getConfiguration().getPropertyNames()) {
                derive.addAtribute(str, clientRequestContext.getConfiguration().getProperty(str));
            }
            for (String str2 : clientRequestContext.getPropertyNames()) {
                derive.addAtribute(str2, clientRequestContext.getProperty(str2));
            }
            OutboundSecurityClientBuilder outboundEndpointConfig = securityContext.outboundClientBuilder().outboundEnvironment(clearQueryParams).update(outboundSecurityClientBuilder -> {
                Optional findParent = outboundTracing.findParent();
                Objects.requireNonNull(outboundSecurityClientBuilder);
                findParent.ifPresent(outboundSecurityClientBuilder::tracingSpan);
            }).outboundEndpointConfig(derive);
            Objects.requireNonNull(outboundEndpointConfig);
            property.ifPresent(outboundEndpointConfig::explicitProvider);
            OutboundSecurityResponse submit = outboundEndpointConfig.submit();
            SecurityResponse.SecurityStatus status = submit.status();
            outboundTracing.logStatus(status);
            switch (AnonymousClass1.$SwitchMap$io$helidon$security$SecurityResponse$SecurityStatus[status.ordinal()]) {
                case 1:
                case 2:
                    Optional throwable = submit.throwable();
                    Objects.requireNonNull(outboundTracing);
                    throwable.ifPresentOrElse(th -> {
                        outboundTracing.error(th);
                    }, () -> {
                        outboundTracing.error((String) submit.description().orElse("Failed"));
                    });
                    break;
            }
            Map requestHeaders = submit.requestHeaders();
            LOGGER.log(System.Logger.Level.TRACE, () -> {
                return "Client filter header(s). SIZE: " + requestHeaders.size();
            });
            MultivaluedMap headers = clientRequestContext.getHeaders();
            for (Map.Entry entry : requestHeaders.entrySet()) {
                LOGGER.log(System.Logger.Level.TRACE, () -> {
                    return "    + Header: " + ((String) entry.getKey()) + ": " + String.valueOf(entry.getValue());
                });
                headers.remove(entry.getKey());
                Iterator it = ((List) entry.getValue()).iterator();
                while (it.hasNext()) {
                    headers.add((String) entry.getKey(), (String) it.next());
                }
            }
            outboundTracing.finish();
        } catch (Exception e) {
            outboundTracing.error(e);
            throw e;
        }
    }

    private Optional<SecurityContext> findContext(ClientRequestContext clientRequestContext) {
        return property(clientRequestContext, SecurityContext.class, ClientSecurity.PROPERTY_CONTEXT).or(() -> {
            return Contexts.context().flatMap(context -> {
                return context.get(SecurityContext.class);
            });
        });
    }

    private static <T> Optional<T> property(ClientRequestContext clientRequestContext, Class<T> cls, String str) {
        Optional ofNullable = Optional.ofNullable(clientRequestContext.getProperty(str));
        Objects.requireNonNull(cls);
        Optional<T> or = ofNullable.filter(cls::isInstance).or(() -> {
            Optional ofNullable2 = Optional.ofNullable(clientRequestContext.getConfiguration().getProperty(str));
            Objects.requireNonNull(cls);
            return ofNullable2.filter(cls::isInstance);
        });
        Objects.requireNonNull(cls);
        return (Optional<T>) or.map(cls::cast);
    }
}
